Integraal Risicomanagement
Amsterdam, 20 september 2011
De zin en onzin ervan ...
Harold Malaihollo
Pelle van Vlijmen
© 2011 Deloitte The Netherlands
Uw Sprekers
1
Harold Malaihollo
Director
Deloitte – Financial Risk Management
Tel nr: +31 (0)6 526 150 91
Pelle van Vlijmen
Director
Deloitte – Financial Risk Management
Tel nr: +31 (0)6 123 449 99
Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
De onderwerpen
2
Integraal risicomanagement # slides
• Introductie en agenda 2
• Verkenning Integraal risicomanagement 6
• Risk Governance 6
Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
De zin en onzin van integraal risicomanagement
Integraal
Bijvoeglijk naamwoord als iets alles omvat.
Synoniem: volledig / in zijn geheel
integraal
[wiskunde] limiet van de som van onbepaald afnemende termen.
voltallig, geheel: integrale publicatie (bw) (bn).
integraal
1) Algeheel 2) Allesomvattend 3) Bestaande op zichzelf 4) Een geheel
uitmakend 5) Een geheel zijnde 6) Geheel 7) Helemaal 8) In zijn geheel 9)
Onaflosbare Nederlandse staatsschuldbrief 10) Onverkort 11) Op zichzelf
bestaand
Risicomanagement
Risicomanagement is het maken van de afweging tussen de voor- en
nadelen van het elimineren van risico`s en het nemen van een uiteindelijke
beslissing.
Risicomanagement
Set aan maatregelen die genomen dienen te worden om de ingeschatte
risico‟s onder controle te houden.
Risicomanagement
`Risicomanagement` is het identificeren en kwantificeren van risico's
(bijvoorbeeld in een project) en het vaststellen van beheersmaatregelen.
3 Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
Integraal risicomanagement, iedereen ziet er wat anders in
Article 44 - Risk management
1. Insurance and reinsurance undertakings shall have in place an effective risk-
management system comprising strategies, processes and reporting
procedures necessary to identify, measure, monitor, manage and report, on a
continuous basis the risks, at an individual and at an aggregated level, to which
they are or could be exposed, and their interdependencies.
That risk-management system shall be effective and well integrated into the
organisational structure and in the decision-making processes of the insurance
or reinsurance undertaking with proper consideration of the persons who
effectively run the undertaking or have other key functions.
2. The risk-management system shall cover the risks to be included in the
calculation of the Solvency Capital Requirement as set out in Article 101(4) as well
as the risks which are not or not fully included in the calculation thereof. The
risk-management system shall cover at least the following areas:
a) underwriting and reserving;
b) asset–liability management;
c) investment, in particular derivatives and similar commitments;
d) liquidity and concentration risk management;
e) operational risk management;
f) reinsurance and other risk-mitigation techniques.
Operational risk
1. The operational risk management framework needs to be closely integrated into
the risk management processes of the undertaking. Its output must be an
integral part of the process of monitoring and controlling the undertaking‟s
operational risk profile.
4 Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
Wat is Economisch Kapitaal
5 Integraal risicomanagement VSAE Actuariaat Congres
• Economic Capital covers the loss between the expected loss (EL) and the extreme loss associated
with the chosen confidence level.
• Economic Capital can be viewed as the “demand” for capital, resulting from the Institution‟s risk
exposures.
• Available capital should exceed Economic Capital.
Pro
ba
bili
ty o
f L
oss %
„Expected‟ Loss
to be covered by
Technical
Provision.
Economic Capital
i.e. potential „unexpected losses‟
against which capital must be held.
Expected loss 99.5%
Confidence level
Losses
Potential „unexpected
losses‟ against which it
would be uneconomical
to hold capital.
© 2011 Deloitte The Netherlands
De drie pijlers
6 Integraal risicomanagement VSAE Actuariaat Congres
• Solvency II is gebaseerd op drie begeleidende principes waar marktrisico, krediet risico,
operationeel risico en verzekeringstechnische risico als belangrijkste risico‟s voor een
verzekeraars dwars door heen lopen.
• Solvency II is bedoeld om verzekeraars te belonen voor het goed meten beheersen van hun
risico door lagere kapitaalvereisten (en daarmee eventueel lager prijzen en competitief voordeel)
• Solvency II dekt kwantitatief zowel als kwalitatieve aspecten van risico‟s.
© 2011 Deloitte The Netherlands
Integraal risicomanagement
7 Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
System of governance – link risicomanagement en kapitaalmanagement
8 Integraal risicomanagement VSAE Actuariaat Congres
Definition
of the
ORSA
“The ORSA is the entirety of the processes and procedures
employed to identify, assess, monitor, manage, and report the short
and long term risks a (re)insurance undertaking faces or may face
and to determine the own funds necessary to ensure that the
undertaking‟s overall solvency needs are met at all times.”*
* Source: §9 of CEIOPS’ Issues Paper on the Own Risk and Solvency Assessment, CEIOPS-IGSRR-09/08, May 2008
Internal risk governance
System of Governance
Own Risk and Solvency Assessment
Risk management Capital management
Capital planning
Roles and responsibilities
Documentation
Complete identification
Assessment
Stress testing
Allocation / limit setting
Contingency plan
Risk management
Risk appetite / tolerance
© 2011 Deloitte The Netherlands
Governance volgens Solvency II (artikel 41 & 43)
• Insurers need an effective and transparent system of governance, with clear and appropriate
segmentation of responsibilities.
• Companies must have written policies on each of the following, which are reviewed at least annually:
‒ Risk management
‒ Internal control
‒ Internal audit
‒ Actuarial
‒ Outsourcing (if relevant)
• The insurer must ensure continuity and regularity in its activities. It must have appropriate and
proportional systems resources.
• In addition, the insurer needs procedures to ensure this continuity and regularity, with suitable
contingency plans.
• Employees of the insurer must be „fit and proper‟ and the insurer must demonstrate this for key
individuals to the supervisory body.
9 Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
Governance volgens Solvency II
10
• The undertaking shall embed the risk management function in the organizational structure and organize the associated reporting lines in a manner which ensures that the function is objective and not responsible for the results of operational business.
• The tasks of the risk management function shall include:
• Assisting the administrative or management body and other management in the effective operation of the risk management system;
• Monitoring the risk management system;
• Maintain a vision on the risk profile.
• Reporting details on risk exposures and advising the administrative or management body with regard to risk management matters in relation to strategic affairs like corporate strategy, mergers and acquisitions and major projects and investments.
Risk management function
Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
Actuariële Functie
11
• In coordinating the calculation of the technical provisions the actuarial function shall at a minimum:
• To assess the sufficiency of technical provisions and to ensure that their calculation is consistent with the underlying principles;
• To assess the uncertainty associated with the estimates;
• To compare and justify any material differences among the estimates for different years;
• To compare best estimates against experience;
• To assess the sufficiency and quality of the data used in the calculation of technical provisions;
• Ensure that homogeneous risk groups for an appropriate assessment of the underlying risks are identified;
• Consult any relevant market information and ensure that it is integratedinto the assessment of technical provisions;
Actuarial Function (I)
Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
Actuariële Functie
12
• Regarding the overall underwriting policy, the opinion to be expressed by the actuarial function should at least include the following issues:
• Analysis of the sufficiency of the premiums to cover future losses;
• Considerations regarding inflation, legal risk, change of mix, anti-selection and adequacy of bonus-malus system(s) implemented in specific line(s) of business.
• The actuarial function shall be objective and free from influence of other functions or the administrative or management body. In order to be able to provide its opinions in an independent fashion, the actuarial function should be constituted by persons who verify a sufficient level of independency between them.
• The actuarial function shall at least annually produce written reports to be submitted to the administrative or management body.
Actuarial Function (II)
Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
Markt practice (advies DNB)
13
1st Line of Defence 2nd Line of Defence 3rd Line of Defence
Exte
rnal A
ud
itor/A
ctu
ary
Reg
ula
tor
Internal
independent
assurance
Market Risk Management
Counter party Risk Management
Reputational Risk Management
Operational Risk Management
Underwriting Risk Management
Busin
ess L
ines
Managem
ent
contro
l activ
ities
Strategic Risk Management
Risk Governance Framework
Key principles of the approach include:
Heads of organisations businesses have primary accountability for the performance, operations, compliance and
effective control of risks affecting their business (the “first line of defence”).
The risk management functions (the “second line of defence”):
coordinate, oversee and objectively challenge the execution, management, control and reporting of
risks
are “independent” of the management & personnel that originate the risk exposures
have the power to escalate / veto high risk business activity
The internal assurance function (the “third line of defence”) is “independent” of both the businesses & risk functions and
provide independent and objective assurance on the design and effectiveness of the overall system of internal
control, including risk management activity performed by functions in both the 1st and 2nd lines of defence.
Board of Directors
Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
Stellingen I
• Ik heb een three lines of defence model, nu ben ik governance technisch Solvency II proof...
• Handig, de risk management function managet mijn risico‟s, goede scheiding van rollen
• We hebben een afdeling “actuariaat en risicomanagement”, daar zijn de RM & actuariële functies
belegd
14 Integraal risicomanagement VSAE Actuariaat Congres
© 2011 Deloitte The Netherlands
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms,
each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of
Deloitte Touche Tohmatsu Limited and its member firms.
Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally
connected network of member firms in more than 150 countries, Deloitte brings world-class capabilities and deep local expertise to help clients
succeed wherever they operate. Deloitte's approximately 170,000 professionals are committed to becoming the standard of excel lence.
This publication contains general information only, and none of Deloitte Touche Tohmatsu Limited, its member firms, or their related entities
(collectively, the “Deloitte Network”) is, by means of this publication, rendering professional advice or services. Before making any decision or
taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte
Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication.
Integraal risicomanagement VSAE Actuariaat Congres 15